Hatching cyberwar: Pentagon incubator will manage weapons

This story has been updated to clarify points about the role of the lab.

The Pentagon’s research wing is setting up a technology incubator for Defense-funded developers to stitch together computer code to automate offensive cyber operations.

The Arlington, Va.-based experimental lab, called the Collaborative Research Space, will function as the test grounds for Plan X, a four-year funding drive to build a system to “control a cyber battlespace in real-time,” a newly-released contract document on the initiative reveals. The Defense Advanced Research Projects Agency wants onsite developers to build algorithms and combine code that could make it easier for planners to implement more proactive security measures and launch malware campaigns against adversaries. According to the document, DARPA seeks to build "an end-to-end system that enables the military to understand, plan, and manage cyberwarfare in real-time" and an "open platform architecture for integration with government and industry technologies."

Plan X, also called “foundational cyberwarfare,” signals an increasingly aggressive turn in the Defense Department’s approach to addressing threats to its networks. The laboratory, a designated Collateral Secret area, is described as a collaborative space for contractors and the military. “DARPA intends to arrange program interaction with a variety of users from DoD and other government agencies, including onsite military personnel who will be testing and using the Plan X system on a daily basis,” contract databases indicate.

The public call for proposals, released Nov. 20, marks the Pentagon’s growing willingness to advertise its work on cyber weapons. The initiative comes as the National Cyber Range for Defense personnel to hone computer attack capabilities is slated for a multimillion dollar boost as the system transitions from research laboratories into deployment. President Obama in October signed a secret directive giving the military additional leeway to address computer threats, according to reports.

A request for proposals for Plan X had first been scheduled for release at the end of September but was delayed following an unexpected volume of interest from security researchers and contractors. More than 350 participants attended briefings on the program in October, according to DARPA. The DARPA program is spearheaded by Daniel Roelker, who had started defensive security company Sourcefire as well as DC Black Ops unit at Raytheon SI Government Solutions.

Organizations looking to be funded under Plan X should plan on providing one to two full-time developers with Secret security clearances at the incubator, while supporting the individuals off-site. All code created will be incorporated into a full system located at the space.

While explicitly not funding tools to scan networks, DARPA said in the tender it is looking to fund ways to pool information from such tools to create a map of a network – including security infrastructure such as firewalls and intrusion detection systems – that military strategists can rely on to plan computer-oriented campaigns.

A central tenet of Plan X involves identifying areas for automation and machine assistance in cyber operations. “The speed of planning hinges on using machine assistance to automate as much of the process as possible,” the tender states. With algorithms that can help calculate the resources and tools needed to infiltrate networks, assess possible collateral damage from targeting enemy systems, and capabilities to model opponent moves, DARPA hopes that planners will be able to draw up a plans of action more quickly.

Once a cyberwarfare mission plan can be drawn up for an operation, “the next step is to compile or synthesize the plan into a fully encapsulated executable program or script,” according to the tender. DARPA wants researchers to think about how to build “automated techniques that allow mission planners to graphically construct detailed and robust plans that can be automatically synthesized into an executable mission script.” While automation could speed up the response time of the military, moves to reduce human control could raise concerns, especially if computer glitches go unchecked.

DARPA has explicitly stated it is not funding research into computer vulnerabilities or command and control protocols through Plan X. The broad agency announcement, however, indicates that proposers working on run-time environments -- which interpret programming languages and allow them to be executed -- “should leverage public and commercial capabilities such as Metasploit, Immunity CANVAS, and other standard toolkits.” These are pentesting and exploit-related tools that identity vulnerabilities in computer systems.